15 May
2019
15 May
'19
10:19 a.m.
On Wed, May 15, 2019 at 10:14:35 +0200, Michal Privoznik wrote:
On 5/14/19 5:24 PM, Ilias Stamatis wrote:
On Tue, May 14, 2019 at 5:04 PM Michal Privoznik <mprivozn@redhat.com> wrote:
[...]
Because in the first loop, VIR_STRDUP might fail and send us to "cleanup". But then on cleanup we iterate over the whole errors array.
Isn't this incorrect? Do I understand something wrong?
Ah, now I get it. If user passes an array that is not zeroed out then we might end up passing a random pointer to free(). How about this then?
Why don't you just sanitize the user-passed memory first then?